CIA Triad
The core cybersecurity model comprising Confidentiality (authorized reading), Integrity (unaltered data), and Availability (reliable access).
Non-repudiation
A security property ensuring that a person cannot deny performing an action, such as creating or sending a resource.
NIST Cybersecurity Framework Functions
A classification of cybersecurity tasks into core functions: Identify, Protect, Detect, Respond, and Recover (CSF 1.1); CSF 2.0 adds a sixth, Govern, covering strategy, policy, and risk oversight.
Gap Analysis
The process of identifying deviations between an organization's current security systems and the requirements of a chosen framework.
IAM
Identity and Access Management; includes the processes of identification, authentication, authorization, and accounting.
Technical Controls
Security controls implemented as hardware, software, or firmware, such as firewalls and antivirus software.
Operational Controls
Security controls implemented primarily by people, such as training programs and security guards.
Compensating Control
A security control that substitutes for a principal control, providing equivalent or better protection.
Vulnerability
A weakness that can be accidentally triggered or intentionally exploited to cause a security breach.
Threat Actor
The person or entity that poses a threat by exploiting vulnerabilities.
Risk
The level of hazard calculated by the likelihood of exploitation by a threat actor and the resulting impact.
APT
Advanced Persistent Threat; the ability of an adversary to achieve and maintain ongoing network access using various tools.
Attack Surface
All the points where a threat actor can interact with a network port, application, computer, or user.
Zero-Day Vulnerability
A flaw that is exploited (or publicly disclosed) before the vendor knows about it or has released a patch, so defenders have had "zero days" to fix it.
Phishing
A social engineering technique that uses spoofing (of a sender address, brand, or website) to trick targets into interacting with a malicious resource disguised as a trusted one, typically to harvest credentials or deliver malware.
Typosquatting
The practice of registering domain names similar to legitimate ones (e.g., exannple.com) to exploit user trust.
Business Email Compromise (BEC)
A targeted campaign where an attacker poses as a colleague or vendor to trick executives into authorizing fraudulent payments.
Symmetric Encryption
A cryptographic process using a single secret key for both encryption and decryption.
Asymmetric Encryption
Encryption using a related pair of keys (public and private); for confidentiality the public key encrypts and only the private key can decrypt. The private key is also used to sign, with the public key verifying the signature.
Hashing Algorithm
A process that generates a fixed-length string of bits (message digest) from input data, used to ensure data integrity.
Digital Signature
A combination of hashing and asymmetric cryptography: the sender hashes the message and signs the digest with their private key; anyone holding the public key can verify the signature, proving integrity and authenticating the signer (and supporting non-repudiation).
PKI
Public Key Infrastructure; a system that proves the identity of public key owners using digital certificates validated by Certificate Authorities.
Subject Alternative Name (SAN)
An extension field in a digital certificate used to represent different identifiers, including FQDNs and IP addresses.
CRL
Certificate Revocation List; a list maintained by a CA that contains revoked or suspended certificates.
Online Certificate Status Protocol (OCSP)
A protocol that queries a CA's responder for the current revocation status of a single certificate on demand, instead of downloading a full CRL; OCSP stapling lets the server present a recent, signed response itself.
Trusted Platform Module (TPM)
A dedicated cryptoprocessor module on a computer platform for key generation, storage, and cryptographic operations.
Perfect Forward Secrecy (PFS)
A property achieved by using ephemeral Diffie-Hellman (DHE/ECDHE) to derive a fresh session key per connection, so that later compromise of the server's long-term private key does not reveal previously recorded sessions.
Salting
Adding a unique, random value to each password before hashing so that identical passwords produce different hashes; this defeats precomputed rainbow tables and forces an attacker to crack each hash separately. (The salt is stored with the hash and does not need to be secret.)
Key Stretching
The process of making password hashing deliberately slow (repeated hashing and/or memory-hard work) to slow down brute-force and dictionary attacks; examples are PBKDF2, bcrypt, scrypt, and Argon2.
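The two entries above (salting and key stretching) are easiest to see in working code. The block below is an added example, not code from the original flashcards: it stores a password with PBKDF2-HMAC-SHA256, a random 16-byte salt, and 600,000 iterations (in line with current OWASP guidance for PBKDF2-HMAC-SHA256), and contrasts it with a bare, unsalted SHA-256. The record format `pbkdf2_sha256$iterations$salt$hash` is an assumption chosen for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters are assumptions for this example; tune the iteration count
# so that one hash takes a noticeable fraction of a second on your hardware.
ITERATIONS = 600_000
SALT_LEN = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt_hex$hash_hex."""
    if salt is None:
        # A fresh random salt per password: two users with the same password
        # get different hashes, and precomputed (rainbow) tables are useless.
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the stretched hash with the stored salt and iteration count."""
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so a timing side channel cannot leak digest bytes.
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def unsalted_sha256(password: str) -> str:
    """What NOT to do: fast, and identical for every user with this password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("same password, different records:",
          hash_password("hunter2") != hash_password("hunter2"))
    print("unsalted collides:",
          unsalted_sha256("hunter2") == unsalted_sha256("hunter2"))
```

Because the salt and iteration count travel with the hash, the iteration count can be raised later for new passwords without breaking verification of old records.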
Blockchain
A decentralized method of recording transactional blocks where each block contains a hash of the previous one to ensure immutability.
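An added example (not from the original flashcards) of the hash-chaining described above: each block's hash covers its own contents and the previous block's hash, so changing any earlier block breaks every link after it. There is no proof-of-work or consensus here, which is what stops a real attacker from simply re-hashing the rest of the chain; the block layout and genesis value are assumptions for this example.

```python
import hashlib
import json
from typing import List

GENESIS_PREV = "0" * 64  # assumed placeholder the first block points at


def block_hash(block: dict) -> str:
    """SHA-256 over the canonical JSON of the block contents (its own hash excluded)."""
    payload = {k: block[k] for k in ("index", "prev_hash", "data")}
    encoded = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(encoded).hexdigest()


def build_chain(records: List[str]) -> List[dict]:
    """Append each record as a block linked to the hash of the block before it."""
    chain: List[dict] = []
    prev = GENESIS_PREV
    for i, data in enumerate(records):
        block = {"index": i, "prev_hash": prev, "data": data}
        block["hash"] = block_hash(block)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain: List[dict]) -> int:
    """Return -1 if every link holds, else the index of the first inconsistent block."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if (block["index"] != i
                or block["prev_hash"] != prev
                or block_hash(block) != block["hash"]):
            return i
        prev = block["hash"]
    return -1


if __name__ == "__main__":
    chain = build_chain(["alice -> bob: 5", "bob -> carol: 2", "carol -> alice: 1"])
    print("intact:", verify_chain(chain))          # -1
    chain[1]["data"] = "bob -> carol: 200"          # tamper with a middle block
    print("tampered block:", verify_chain(chain))   # 1
    chain[1]["hash"] = block_hash(chain[1])         # attacker re-hashes only that block
    print("broken link:", verify_chain(chain))      # 2
```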
Tokenization
Replacing sensitive data field values with randomly generated tokens stored separately in a secure vault.
Multifactor Authentication (MFA)
An authentication scheme requiring two or more factors of different types: something you know (password, PIN), something you have (token, phone), or something you are (biometric).
Crossover Error Rate (CER)
The point where the False Rejection Rate (FRR) and False Acceptance Rate (FAR) are equal; lower values indicate more reliable biometric technology.
FIDO2
A framework for passwordless authentication using public/private key pairs and local gestures (biometrics/PINs).
Discretionary Access Control (DAC)
Access control model where the resource owner has full control over the resource and its access control list (ACL).
Mandatory Access Control (MAC)
A system-enforced access model based on security clearance labels and subject clearance levels.
Attribute-Based Access Control (ABAC)
Access model where decisions are based on a combination of subject, object, and context-sensitive attributes.
Least Privilege
The principle that users are granted only the minimum rights necessary to perform their authorized tasks.
Privileged Access Management (PAM)
Policies and technical controls designed to prevent the compromise of administrative accounts.
Kerberos
A network authentication protocol used for Single Sign-on (SSO) involving a Key Distribution Center (KDC) and tickets.
SAML
Security Assertion Markup Language; an XML-based protocol for transmitting claims between an identity provider and a service provider.
OAuth
An authorization framework for delegated access to RESTful APIs: a user grants a client application a scoped access token to act on their behalf without sharing their password. OAuth itself does not authenticate the user; OpenID Connect adds an identity layer on top of it for that purpose.
VLAN
Virtual LAN; a logical Layer 2 domain mapped to physical switches that can be further mapped to Layer 3 IP subnets.
Next-Generation Firewall (NGFW)
A firewall that integrates traditional filtering with deep packet inspection, application awareness, and IPS functionality.
Web Application Firewall (WAF)
A firewall that inspects HTTP/HTTPS traffic at the application layer to protect web servers (and the databases behind them) from attacks such as SQL injection, cross-site scripting, and application-layer denial of service.
IPsec
Internet Protocol Security; a suite that operates at Layer 3 to provide secure communication via Authentication Header (AH) or Encapsulating Security Payload (ESP).
IKE
Internet Key Exchange; a protocol used to negotiate a security association and perform key exchange for IPsec.
Cloud Service Models
A classification of cloud offerings by how much of the stack the provider manages: SaaS (a complete application), PaaS (a runtime platform the customer deploys code onto), and IaaS (virtual compute, storage, and networking the customer configures).
Shared Responsibility Model
A security framework dividing duties between the cloud provider (security of the underlying infrastructure) and the customer (security of their data, identities, and configuration); the exact split shifts with the service model, with the customer owning more under IaaS than under SaaS.
Infrastructure as Code (IaC)
The management of computing infrastructure through machine-readable definition files (YAML, JSON, HCL).
Software Defined Networking (SDN)
The abstraction of network functions into management, control, and data planes.
Zero Trust Architecture (ZTA)
A security model where all access requests are continuously verified and authorized, moving defenses to focus on individual users and assets.
Data Deduplication
A compression technique that improves storage efficiency by eliminating redundant data blocks.
MTD
Maximum Tolerable Downtime; the longest period a business function can be down without causing irrecoverable failure.
RTO
Recovery Time Objective; the duration of time within which a business process must be restored after a disaster.
MTBF
Mean Time Between Failures; the expected time between failures of a repairable system, calculated as total operational time divided by the number of failures (MTTF, mean time to failure, is the equivalent metric for non-repairable components).
Honeypot
A decoy system designed to mimic real systems to monitor attacker activity and gather intelligence.
SCAP
Security Content Automation Protocol; used by vulnerability scanners to compare system configurations to secure baselines.
CVSS
Common Vulnerability Scoring System; a system that scores vulnerabilities from 0 to 10 based on base metrics (attack vector, complexity, privileges, user interaction, scope, and CIA impact), with optional temporal and environmental adjustments; 9.0 and above is rated Critical.
WPA3
The current Wi-Fi security standard; WPA3-Personal replaces the WPA2 pre-shared-key handshake with Simultaneous Authentication of Equals (SAE), a password-authenticated key exchange that resists offline dictionary attacks on captured handshakes and provides forward secrecy.
Network Access Control (NAC)
A system that authenticates users/devices and ensures they meet security compliance (posture) before granting network access.
EDR
Endpoint Detection and Response; software providing real-time visibility and automated remediation for threats on endpoint devices.
XDR
Extended Detection and Response; evolves from EDR to integrate security data from endpoints, networks, and cloud platforms.
TLS
Transport Layer Security; the successor to SSL used to secure application protocols like HTTP (as HTTPS) via encryption and digital certificates.
SNMP
Simple Network Management Protocol; a framework for network monitoring in which a manager polls (or receives traps from) agents on managed devices, each maintaining a Management Information Base (MIB). Only SNMPv3 provides authentication and encryption; v1/v2c rely on plaintext community strings.
SPF
Sender Policy Framework; the receiving server checks the connecting sender's IP against the authorized IP addresses published in a DNS TXT record for the envelope (MAIL FROM) domain.
DKIM
DomainKeys Identified Mail; the sending domain signs selected headers and the body with a private key, and the receiving server verifies the signature using the public key published in the domain's DNS.
DMARC
Domain-based Message Authentication, Reporting & Conformance; a DNS policy (p=none, quarantine, or reject) telling receivers what to do when neither SPF nor DKIM passes with a domain aligned to the visible From: header, plus reporting back to the domain owner.
DNSSEC
DNS Security Extensions; resolvers validate DNS responses using digitally signed resource records chained to the root, mitigating spoofing and cache-poisoning attacks (it provides integrity and authenticity, not confidentiality).
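The SPF, DKIM, and DMARC entries above describe three checks that only make sense together, so here is one added example (not from the original flashcards) of the DMARC decision: parse a `_dmarc` TXT record, test whether the SPF-authenticated and DKIM-authenticated domains are aligned with the From: header domain under the record's `aspf`/`adkim` modes, and return the disposition. The SPF and DKIM results themselves are taken as already computed by the receiving mail server; the `AuthResults` structure is an assumption, the `pct` and `sp` tags are ignored, and organizational-domain matching uses a last-two-labels approximation instead of the Public Suffix List.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class AuthResults:
    """Constructed per-message inputs as a receiving MTA would have them."""
    header_from_domain: str        # domain of the RFC 5322 From: header
    spf_result: str                # "pass", "fail", "none", ...
    spf_domain: str                # envelope (MAIL FROM) domain SPF was evaluated for
    dkim_result: str               # "pass", "fail", "none"
    dkim_domain: Optional[str]     # d= tag of the DKIM signature that verified


def parse_dmarc(txt: str) -> dict:
    """Parse a record like 'v=DMARC1; p=reject; adkim=s; aspf=r' into tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")   # relaxed alignment is the default
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    """Approximate organizational domain (last two labels). Assumption for this
    example: real receivers use the Public Suffix List to handle e.g. co.uk."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    """Strict ('s') requires an exact match; relaxed ('r') the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(record: str, r: AuthResults) -> str:
    """Return 'pass', or the policy action (none/quarantine/reject) to apply."""
    tags = parse_dmarc(record)
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.header_from_domain, tags["aspf"])
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.header_from_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"]


if __name__ == "__main__":
    record = "v=DMARC1; p=reject; adkim=s; aspf=r"
    spoof = AuthResults("example.com", "pass", "attacker.net", "none", None)
    legit = AuthResults("example.com", "pass", "bounce.example.com", "none", None)
    print("spoofed From: with attacker's own SPF pass ->", dmarc_disposition(record, spoof))
    print("legitimate bounce subdomain ->", dmarc_disposition(record, legit))
```

The spoof case is the point of DMARC: an attacker can publish a valid SPF record for a domain they own, so SPF alone passes; the message fails only because that domain is not aligned with the From: header the user sees.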
Static Code Analysis
The practice of identifying vulnerabilities and errors by analyzing source code without executing it, typically with automated tools (SAST) run before the code is deployed.
Software Sandboxing
A security mechanism that isolates running processes to prevent them from accessing the host system.
SIEM
Security Information and Event Management; software that aggregates and correlates log data from network sensors and hosts for reporting and alerting.
Order of Volatility
The forensic best practice of capturing evidence from the most fleeting sources (e.g., CPU registers) to the most permanent (e.g., archival media).
Chain of Custody
A chronological record of the collection, handling, and storage of digital evidence to preserve its integrity for legal proceedings.
Rootkit
A type of malware that gains high-level privileges and conceals its presence by compromising system files and interfaces.
RAT
Remote Access Trojan; covert backdoor malware that mimics legitimate remote control programs to allow attackers control of a zombie host.
IoC
Indicator of Compromise; a residual sign that an asset or network has been successfully attacked (e.g., specific file hashes or connection endpoints).
ARP Poisoning
A Layer 2 on-path attack in which the attacker sends unsolicited or gratuitous ARP replies so that victims update their IP-to-MAC caches with the attacker's MAC address, redirecting traffic (for example, for the default gateway) through the attacker's host.
SQL Injection
An injection attack in which untrusted input is concatenated into a SQL query, letting the attacker alter the query's logic to read, modify, or delete back-end database contents (or bypass authentication); parameterized queries are the primary defense.
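An added example, not from the original flashcards, showing the vulnerable pattern beside its fix against an in-memory SQLite database built from constructed sample rows. The `find_user_vulnerable` function is deliberately written with string formatting so the classic `' OR '1'='1` and `UNION` payloads work against it; `find_user_safe` uses a placeholder so the same input is treated purely as data. The table layout and function names are assumptions for this example.

```python
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "hash-of-alice", "admin"), ("bob", "hash-of-bob", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple]:
    # VULNERABLE (intentionally): attacker-controlled text becomes part of the SQL.
    query = f"SELECT id, username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[Tuple]:
    # Parameterized: the value is bound separately and can never change the query.
    return conn.execute(
        "SELECT id, username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR '1'='1"
    union = "' UNION SELECT id, password_hash, role FROM users --"
    print("vulnerable, tautology:", find_user_vulnerable(conn, tautology))   # every row
    print("vulnerable, UNION:    ", find_user_vulnerable(conn, union))       # hashes leak
    print("safe, tautology:      ", find_user_safe(conn, tautology))         # []
    print("safe, normal lookup:  ", find_user_safe(conn, "alice"))
```

Note that the `UNION` payload only works because the attacker matched the column count of the original SELECT (three); error messages that reveal the column mismatch are what make this easy to tune, which is why detailed SQL errors should never reach the client. A stacked-query payload such as `'; DROP TABLE users; --` happens not to work through Python's `sqlite3.execute`, which refuses more than one statement per call, but that is a property of this driver, not a defense to rely on.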
Cross-Site Scripting (XSS)
An attack that exploits a browser's trust in scripts from a trusted site to execute malicious code client-side.
GDPR
General Data Protection Regulation; the EU privacy law protecting the personal data of individuals in the EU, which also applies to organizations outside the EU that process that data.
Data Sovereignty
The concept that data is subject to the jurisdictional laws of the geographic location where it is processed or stored.
DLP
Data Loss Prevention; systems that automate discovery and classification of data to enforce rules against unauthorized viewing or transfer.